Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
express-cart project express-cart vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-32573
The express-cart package up to and including 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website.
Express-cart Project Express-cart
605
VMScore
CVE-2020-22403
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows malicious users to add an administrator account, add discount code or other unspecified impacts.
Express-cart Project Express-cart
578
VMScore
CVE-2018-16483
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Express-cart Project Express-cart
801
VMScore
CVE-2018-3758
Unrestricted file upload (RCE) in express-cart module prior to 1.1.7 allows a privileged user to gain access in the hosting machine.
Express-cart Project Express-cart
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started